Corporate data hackers are having a field day invading the private information stores of enterprises around the world. IT efforts to build impenetrable force fields around sensitive data have fallen short in many cases. Cybercriminals are on the march, and not letting up anytime soon; the success of their exploits have been too remarkably successful for that. But companies small and large are fighting back.

How the cybercriminals are making out:

According to Symantec’s “2016 Internet Security Threat Report,” in 2015, a record-setting total of nine mega-breaches occurred, and the reported number of exposed identities jumped to 429 million. Its conservative estimate of unreported breaches pushes the number of records lost to more than half a billion.

Business Insider reports that hackers are making $7,500 per month, according to Flashpoint, by holding people’s data hostage. These “ransomware” campaigns resulted in 2,500 complaints reported to the FBI in 2015, amounting to $1.6 million in loses.

How enterprises rate and respond to threats:

A 2016 survey of 300 North American security professionals from organizations with 100 or more employees—the Dark Reading Strategic Security Survey—discovered that 39 percent of business technology decision makers rank preventing external data breaches their top security concern. This represents an upsurge from the 26 percent who named this their primary concern in 2015, reflecting the heightened threat.

Here is what they see as the other top cybersecurity risks:

• Controlling user access to systems and data: 34 percent
• Managing the complexity of security: 33 percent
• Meeting regulatory and industry compliance requirements: 33 percent
• Assessing risk: 32 percent
• Enforcing security policies: 31 percent
• Spreading user awareness: 23 percent
• Getting management buy-in or adequate funding: 20 percent

Respondents attributed the need for increased vigilance to the greater sophistication (69 percent) and growing number (56 percent) of attacks against organizations. So, how are security professionals reacting to this uptick in potential threats? First of all, due to limited resources, they’ve been forced to pick their battles—and they’re getting more selective and smart about it. They’re focusing on areas they deem most effective in thwarting attacks: technology, training and building strong defenses.

According to the survey, business technology decision makers plan to aim their efforts at the endpoints they consider most vulnerable: users. Nearly one-half of security professionals worry most about spear phishing campaigns—fraudulent emails inducing their recipients to reveal confidential information—targeted at end users, and their fears are well-warranted. The Symantec report shows that spear phishing campaigns increased by 55 percent in 2015.

This is followed closely (46 percent) by concerns about users connecting infected personal devices to the company’s network, and even losing personal devices (39 percent) containing sensitive data. Downloading malware from the Internet (36 percent) is yet another vulnerability attributed to end users.

Security professionals in businesses of all sizes face the tough task of protecting data along many fronts, and, oftentimes, struggle to mount a strong defense with limited resources—from funding to staff. To make the most of protective measures, consider working with a managed services provider like Apex Technology Services. We’ll provide a top-down assessment of your network security, including a detailed report of any and all vulnerabilities—and then we’ll help you eliminate them.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.